I am not aware of any threshold in the MEG appliance which would allow 100 "questionable" messages to get through, but then block any more from the same sender. There are some settings which will allow you to block messages based upon a maximum number of recipients for one message, but that's not a commonly configured setting.
I would definitely recommend giving us a call and discussing this with Support. There may be a settings misconfiguration or something else which we need to assist you to fix. Another possibility is that there is a problem with the spam rules, in which case we would need to get message data to our spam team.
If you haven't already, I would recommend reviewing KB59415 and the Spam Configuration blog post on the MEG blogs above, as these will help with submitting spam false positives and negatives to our spam team.
We also recently went from IronMail 6.7.2 to MEG 7.5. I have numerous users complaining that they used to receive 1 or 2 SPAM messages a week. They are now receiving 10 - 15 a day. I've already downloaded the McAfee Customer Submission tool and have been submitting the samples for almost a week. I've also lowered our spam threshold to 4 for the default policy. At this point, I guess I'm going to have to call support.
I just received the following email from McAfee that seems to indicate the cause for the increased SPAM that we've been seeing over the last couple of weeks.
From: McAfee SNS [mailto:email@example.com]
Sent: Wednesday, March 26, 2014 3:36 PM
Subject: McAfee SNS Notice: Messaging Reputation Server *UPDATE*
Restoration of the Messaging Reputation server and database used for spam filtering will be completed on schedule next week.
McAfee expects a return to normal operating parameters. Tuning enhancements will continue and customers should expect to see incremental improvements over the following 7 days. Additionally, McAfee will increase spam protection and system reliability over the next three months, resulting in additional improvements.
Previously Announced via SNS (10 March 2014)
The McAfee GTI Messaging Reputation database server experienced a hardware failure and impact to the database. Because McAfee was unable to provide updated messaging reputation data to these products, existing reputation data grew stale over time, resulting in more spam getting through to mailboxes.
Products utilizing anti-spam technology were impacted:
- IronMail (McAfee E-Mail Gateway [MEG] 6.x)
- E-mail Gateway (MEG 7.x)
- Firewall Enterprise (All versions)
- E-mail and Web Security Gateway (All versions)
- SaaS E-Mail Protection
- Security for Microsoft Exchange (formerly GroupShield)
- TrustedSource.com Website
- Security Center